From 8ea19f3e4bb1bbf8eeef25f4a29c172d8b0ef586 Mon Sep 17 00:00:00 2001 From: Eugenio Sanchez Date: Mon, 4 Apr 2022 14:15:55 -0700 Subject: [PATCH] Update tests to support IPv6/ --- .../configmap/nginx-config.yaml | 2 +- tests/data/common/app/secure/app.yaml | 1 + tests/data/common/app/vsr/secure/single.yaml | 1 + tests/data/dos/nginx-config.yaml | 2 +- .../standard/secure-app.yaml | 1 + tests/suite/ssl_utils.py | 1 + .../test_transport_server_tcp_load_balance.py | 40 ++++++++--------- .../test_transport_server_udp_load_balance.py | 44 ++++++++++++++++--- tests/suite/test_v_s_route_api.py | 2 +- tests/suite/test_virtual_server_api.py | 2 +- 10 files changed, 65 insertions(+), 31 deletions(-) diff --git a/tests/data/access-control/configmap/nginx-config.yaml b/tests/data/access-control/configmap/nginx-config.yaml index 3e201e05bd..a957b3cc2e 100644 --- a/tests/data/access-control/configmap/nginx-config.yaml +++ b/tests/data/access-control/configmap/nginx-config.yaml @@ -4,4 +4,4 @@ metadata: name: nginx-config namespace: nginx-ingress data: - set-real-ip-from: "0.0.0.0/0" \ No newline at end of file + set-real-ip-from: "0.0.0.0/0,::/0" \ No newline at end of file diff --git a/tests/data/common/app/secure/app.yaml b/tests/data/common/app/secure/app.yaml index 546428adb4..cb69d395ac 100644 --- a/tests/data/common/app/secure/app.yaml +++ b/tests/data/common/app/secure/app.yaml @@ -85,6 +85,7 @@ data: app.conf: |- server { listen 443 ssl; + listen [::]:443 ssl; server_name app.example.com; diff --git a/tests/data/common/app/vsr/secure/single.yaml b/tests/data/common/app/vsr/secure/single.yaml index cca1a5c01f..aba2e97fcf 100644 --- a/tests/data/common/app/vsr/secure/single.yaml +++ b/tests/data/common/app/vsr/secure/single.yaml @@ -55,6 +55,7 @@ data: app.conf: |- server { listen 443 ssl; + listen [::]:443 ssl; server_name app.example.com; diff --git a/tests/data/dos/nginx-config.yaml b/tests/data/dos/nginx-config.yaml index 9239280edd..af718b4480 100644 --- a/tests/data/dos/nginx-config.yaml +++ b/tests/data/dos/nginx-config.yaml @@ -6,7 +6,7 @@ metadata: data: real-ip-header: "X-Forwarded-For" real-ip-recursive: "True" - set-real-ip-from: "0.0.0.0/0" + set-real-ip-from: "0.0.0.0/0,::/0" worker-connections: "30000" worker-rlimit-nofile: "65535" worker-rlimit-core: "500M" \ No newline at end of file diff --git a/tests/data/transport-server-tls-passthrough/standard/secure-app.yaml b/tests/data/transport-server-tls-passthrough/standard/secure-app.yaml index c517a3e423..00ea5bc51c 100644 --- a/tests/data/transport-server-tls-passthrough/standard/secure-app.yaml +++ b/tests/data/transport-server-tls-passthrough/standard/secure-app.yaml @@ -52,6 +52,7 @@ data: app.conf: |- server { listen 8443 ssl; + listen [::]:8443 ssl; server_name app.example.com; diff --git a/tests/suite/ssl_utils.py b/tests/suite/ssl_utils.py index 920f25f94a..f56aa1ffe8 100644 --- a/tests/suite/ssl_utils.py +++ b/tests/suite/ssl_utils.py @@ -20,6 +20,7 @@ def get_certificate(ip_address, host, port, timeout=10) -> str: context = ssl.create_default_context() context.check_hostname = False context.verify_mode = ssl.CERT_NONE + ip_address = ip_address.strip("[]") conn = socket.create_connection((ip_address, port)) server_hostname = host if ssl.HAS_SNI else None sock = context.wrap_socket(conn, server_hostname=server_hostname) diff --git a/tests/suite/test_transport_server_tcp_load_balance.py b/tests/suite/test_transport_server_tcp_load_balance.py index 0bd5e72ce4..4739068d42 100644 --- a/tests/suite/test_transport_server_tcp_load_balance.py +++ b/tests/suite/test_transport_server_tcp_load_balance.py @@ -120,8 +120,8 @@ def test_tcp_request_load_balanced( retry = 0 while(len(endpoints) is not 3 and retry <= 30): for i in range(20): - client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - client.connect((host, port)) + host = host.strip("[]") + client = socket.create_connection((host,port)) client.sendall(b'connect') response = client.recv(4096) endpoint = response.decode() @@ -165,8 +165,8 @@ def test_tcp_request_load_balanced_multiple( # Step 1, confirm load balancing is working. print(f"sending tcp requests to: {host}:{port}") - client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - client.connect((host, port)) + host = host.strip("[]") + client = socket.create_connection((host,port)) client.sendall(b'connect') response = client.recv(4096) endpoint = response.decode() @@ -212,8 +212,8 @@ def test_tcp_request_load_balanced_multiple( # Step 4, confirm load balancing is still working. print(f"sending tcp requests to: {host}:{port}") - client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - client.connect((host, port)) + host = host.strip("[]") + client = socket.create_connection((host,port)) client.sendall(b'connect') response = client.recv(4096) endpoint = response.decode() @@ -252,8 +252,8 @@ def test_tcp_request_load_balanced_wrong_port( print(f"sending tcp requests to: {host}:{port}") for i in range(3): try: - client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - client.connect((host, port)) + host = host.strip("[]") + client = socket.create_connection((host,port)) client.sendall(b'connect') except ConnectionResetError as E: print("The expected exception occurred:", E) @@ -283,8 +283,8 @@ def test_tcp_request_load_balanced_missing_service( print(f"sending tcp requests to: {host}:{port}") for i in range(3): try: - client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - client.connect((host, port)) + host = host.strip("[]") + client = socket.create_connection((host,port)) client.sendall(b'connect') except ConnectionResetError as E: print("The expected exception occurred:", E) @@ -293,8 +293,8 @@ def test_tcp_request_load_balanced_missing_service( def make_holding_connection(self, host, port): print(f"sending tcp requests to: {host}:{port}") - client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - client.connect((host, port)) + host = host.strip("[]") + client = socket.create_connection((host,port)) client.sendall(b'hold') response = client.recv(4096) endpoint = response.decode() @@ -421,8 +421,8 @@ def test_tcp_request_load_balanced_method( retry = 0 while(len(endpoints) is not 1 and retry <= 30): for i in range(20): - client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - client.connect((host, port)) + host = host.strip("[]") + client = socket.create_connection((host,port)) client.sendall(b'connect') response = client.recv(4096) endpoint = response.decode() @@ -447,8 +447,8 @@ def test_tcp_request_load_balanced_method( retry = 0 while(len(endpoints) is not 3 and retry <= 30): for i in range(20): - client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - client.connect((host, port)) + host = host.strip("[]") + client = socket.create_connection((host,port)) client.sendall(b'connect') response = client.recv(4096) endpoint = response.decode() @@ -509,8 +509,8 @@ def test_tcp_passing_healthcheck_with_match( retry = 0 while(len(endpoints) is not 3 and retry <= 30): for i in range(20): - client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - client.connect((host, port)) + host = host.strip("[]") + client = socket.create_connection((host,port)) client.sendall(b'connect') response = client.recv(4096) endpoint = response.decode() @@ -570,8 +570,8 @@ def test_tcp_failing_healthcheck_with_match( port = transport_server_setup.public_endpoint.tcp_server_port host = transport_server_setup.public_endpoint.public_ip - client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - client.connect((host, port)) + host = host.strip("[]") + client = socket.create_connection((host,port)) client.sendall(b'connect') try: diff --git a/tests/suite/test_transport_server_udp_load_balance.py b/tests/suite/test_transport_server_udp_load_balance.py index 2a843c8eef..c01d31f4f3 100644 --- a/tests/suite/test_transport_server_udp_load_balance.py +++ b/tests/suite/test_transport_server_udp_load_balance.py @@ -1,6 +1,7 @@ import pytest import re import socket +import ipaddress from suite.resources_utils import ( wait_before_test, @@ -17,6 +18,30 @@ ) from settings import TEST_DATA +# Helper functions +def chk_endpoint(endp): + """ + If an endpoint is IPv6, return a formatted [ip]:port + endpoint. Otherwise, return unmodified endpoint. + """ + ip = endp[:endp.rfind(":")] + address = ipaddress.ip_address(ip) + if address.version == 6: + port = endp[endp.rfind(":"):] + return f"[{ip}]{port}" + else: + return endp + +def ipfamily_from_host(host): + """ + Return socket type (AF_INET or AF_INET6) based on + IP address type from host + """ + address = ipaddress.ip_address(host) + if address.version == 6: + return socket.AF_INET6 + else: + return socket.AF_INET @pytest.mark.ts @pytest.mark.skip_for_loadbalancer @@ -115,7 +140,8 @@ def test_udp_request_load_balanced( retry = 0 while(len(endpoints) is not 3 and retry <= 30): for i in range(20): - client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0) + host = host.strip("[]") + client = socket.socket(ipfamily_from_host(host), socket.SOCK_DGRAM, 0) client.sendto("ping".encode('utf-8'), (host, port)) data, address = client.recvfrom(4096) endpoint = data.decode() @@ -144,7 +170,7 @@ def test_udp_request_load_balanced( for key in endpoints.keys(): found = False for server in servers: - if key in server: + if chk_endpoint(key) in server: found = True assert found @@ -159,7 +185,8 @@ def test_udp_request_load_balanced_multiple( # Step 1, confirm load balancing is working. print(f"sending udp requests to: {host}:{port}") - client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0) + host = host.strip("[]") + client = socket.socket(ipfamily_from_host(host), socket.SOCK_DGRAM, 0) client.sendto("ping".encode('utf-8'), (host, port)) data, address = client.recvfrom(4096) endpoint = data.decode() @@ -203,7 +230,7 @@ def test_udp_request_load_balanced_multiple( ) # Step 4, confirm load balancing is still working. - client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0) + client = socket.socket(ipfamily_from_host(host), socket.SOCK_DGRAM, 0) client.sendto("ping".encode('utf-8'), (host, port)) data, address = client.recvfrom(4096) endpoint = data.decode() @@ -239,7 +266,8 @@ def test_udp_request_fails( print(f"sending udp requests to: {host}:{port}") for i in range(3): - client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0) + host = host.strip("[]") + client = socket.socket(ipfamily_from_host(host), socket.SOCK_DGRAM, 0) client.settimeout(2) client.sendto("ping".encode('utf-8'), (host, port)) try: @@ -301,7 +329,8 @@ def test_udp_passing_healthcheck_with_match( endpoints = {} while(len(endpoints) is not 3 and retry <= 30): for i in range(20): - client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0) + host = host.strip("[]") + client = socket.socket(ipfamily_from_host(host), socket.SOCK_DGRAM, 0) client.sendto("ping".encode('utf-8'), (host, port)) data, address = client.recvfrom(4096) endpoint = data.decode() @@ -361,7 +390,8 @@ def test_udp_failing_healthcheck_with_match( port = transport_server_setup.public_endpoint.udp_server_port host = transport_server_setup.public_endpoint.public_ip - client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, 0) + host = host.strip("[]") + client = socket.socket(ipfamily_from_host(host), socket.SOCK_DGRAM, 0) client.settimeout(2) client.sendto("ping".encode('utf-8'), (host, port)) try: diff --git a/tests/suite/test_v_s_route_api.py b/tests/suite/test_v_s_route_api.py index 52a9cd2c4a..93cb65bd64 100644 --- a/tests/suite/test_v_s_route_api.py +++ b/tests/suite/test_v_s_route_api.py @@ -12,7 +12,7 @@ @pytest.mark.skip_for_nginx_oss @pytest.mark.parametrize('crd_ingress_controller, v_s_route_setup', [({"type": "complete", "extra_args": ["-enable-custom-resources", - "-nginx-status-allow-cidrs=0.0.0.0/0"]}, + "-nginx-status-allow-cidrs=0.0.0.0/0,::/0"]}, {"example": "virtual-server-route-dynamic-configuration"})], indirect=True) class TestVSRNginxPlusApi: diff --git a/tests/suite/test_virtual_server_api.py b/tests/suite/test_virtual_server_api.py index 823a4456ea..e209614d90 100644 --- a/tests/suite/test_virtual_server_api.py +++ b/tests/suite/test_virtual_server_api.py @@ -12,7 +12,7 @@ @pytest.mark.skip_for_nginx_oss @pytest.mark.parametrize('crd_ingress_controller, virtual_server_setup', [({"type": "complete", "extra_args": ["-enable-custom-resources", - "-nginx-status-allow-cidrs=0.0.0.0/0"]}, + "-nginx-status-allow-cidrs=0.0.0.0/0,::/0"]}, {"example": "virtual-server-dynamic-configuration", "app_type": "simple"})], indirect=True) class TestVSNginxPlusApi: